diff options
author | Joakim Erdfelt | 2014-12-12 16:23:24 +0000 |
---|---|---|
committer | Joakim Erdfelt | 2014-12-12 16:24:39 +0000 |
commit | 2b241ac04bdccfb88c60841e5e8cacb4d487a16a (patch) | |
tree | 194fa157668930b165572ee3ffee4ea9fb518120 /jetty-io | |
parent | fe444b28dd05d7f7c668335a7b68844ffc9047b9 (diff) | |
download | org.eclipse.jetty.project-2b241ac04bdccfb88c60841e5e8cacb4d487a16a.tar.gz org.eclipse.jetty.project-2b241ac04bdccfb88c60841e5e8cacb4d487a16a.tar.xz org.eclipse.jetty.project-2b241ac04bdccfb88c60841e5e8cacb4d487a16a.zip |
454773 - SSLConnection use on Android client results in loop
+ Adding safety check for SSL unwrap in client mode that
results in OK status but no content
Diffstat (limited to 'jetty-io')
-rw-r--r-- | jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java index ca0ec020d8..067e5f7661 100644 --- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java +++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java @@ -304,7 +304,7 @@ public class SslConnection extends AbstractConnection { @Override public void succeeded() - { + { } @Override @@ -314,7 +314,7 @@ public class SslConnection extends AbstractConnection getFillInterest().onFail(x); getWriteFlusher().onFail(x); } - + },x); } }; @@ -346,7 +346,7 @@ public class SslConnection extends AbstractConnection @Override protected void onIncompleteFlush() - { + { // This means that the decrypted endpoint write method was called and not // all data could be wrapped. So either we need to write some encrypted data, // OR if we are handshaking we need to read some encrypted data OR @@ -380,8 +380,8 @@ public class SslConnection extends AbstractConnection try_again = true; } } - - + + if (try_again) { // If the output is closed, @@ -522,7 +522,9 @@ public class SslConnection extends AbstractConnection HandshakeStatus unwrapHandshakeStatus = unwrapResult.getHandshakeStatus(); Status unwrapResultStatus = unwrapResult.getStatus(); - _underFlown = unwrapResultStatus == Status.BUFFER_UNDERFLOW; + // Extra check on unwrapResultStatus == OK with zero length buffer is due + // to SSL client on android (see bug #454773) + _underFlown = unwrapResultStatus == Status.BUFFER_UNDERFLOW || unwrapResultStatus == Status.OK && unwrapResult.bytesConsumed()==0 && unwrapResult.bytesProduced()==0; if (_underFlown) { @@ -731,11 +733,11 @@ public class SslConnection extends AbstractConnection if (wrapResult.bytesConsumed()>0) consumed+=wrapResult.bytesConsumed(); Status wrapResultStatus = wrapResult.getStatus(); - + boolean allConsumed=true; for (ByteBuffer b : appOuts) if (BufferUtil.hasContent(b)) - allConsumed=false; + allConsumed=false; // and deal with the results returned from the sslEngineWrap switch (wrapResultStatus) @@ -800,7 +802,7 @@ public class SslConnection extends AbstractConnection // try again. if (!allConsumed && wrapResult.getHandshakeStatus()==HandshakeStatus.FINISHED && BufferUtil.isEmpty(_encryptedOutput)) continue; - + // Return true if we consumed all the bytes and encrypted are all flushed return allConsumed && BufferUtil.isEmpty(_encryptedOutput); |